Samba 4 internal DNS question
Marc Muehlfeld
samba at marc-muehlfeld.de
Mon Feb 4 14:10:24 MST 2013
Hello,
On 04.02.2013 16:38, Mark Pilant wrote:
> What is the best way to dump out all of the DNS entries from Samba's
> internal DNS server?
I use bind and not the internal DNS. You can try a zone transfer:
# dig @AD-Controller samba.domain. AXFR
After I tried that against my samba DC, I was surprised that every host can start a
zone transfer. On all my other zones I have configured that transfers are
only allowed from slave servers.
I tried adding "allow-transfer { 192.168.29.4; };" to
/usr/local/samba/private/named.conf, which was generated during provision. But
then named doesn't start any more.
Is there a special reason that everyone has to be able to start a zone
transfer against the samba domain?
Wouldn't it be better for security reasons to disable zone transfers by default?
Regards,
Marc
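Added example, not part of the original message: a shell check an administrator can run from a host that is not a slave server to confirm whether the DC answers the AXFR request shown above. The sample dig output is constructed, and the host names and addresses in it are placeholders.

```shell
#!/bin/sh
# classify_axfr: read "dig ... AXFR" output on stdin and print
#   open     - zone data was transferred to this host
#   refused  - the server rejected the transfer
#   unknown  - timeout, unreachable server or unexpected output
classify_axfr() {
    awk '
        /^; Transfer failed/    { failed = 1 }
        /^;; XFR size:/         { xfr = 1 }
        /^[^;]/ && $4 == "SOA"  { soa++ }   # fields: owner ttl class type rdata
        END {
            # a complete transfer starts and ends with the SOA record
            if (failed)               print "refused"
            else if (xfr && soa >= 2) print "open"
            else                      print "unknown"
        }'
}

# check_axfr SERVER ZONE: request the zone from this host and classify the reply
check_axfr() {
    dig +time=5 +tries=1 "@$1" "$2" AXFR 2>&1 | classify_axfr
}

# Constructed sample output (placeholder names, 192.0.2.0/24 documentation range)
SAMPLE_OPEN=';; global options: +cmd
samba.domain.      3600 IN SOA dc1.samba.domain. hostmaster.samba.domain. 1 900 600 86400 3600
samba.domain.      900  IN NS  dc1.samba.domain.
dc1.samba.domain.  900  IN A   192.0.2.10
ws01.samba.domain. 900  IN A   192.0.2.21
samba.domain.      3600 IN SOA dc1.samba.domain. hostmaster.samba.domain. 1 900 600 86400 3600
;; XFR size: 5 records (messages 1, bytes 236)'

SAMPLE_REFUSED=';; global options: +cmd
; Transfer failed.'

# Usage: sh check_axfr.sh SERVER ZONE
if [ "$#" -eq 2 ]; then
    check_axfr "$1" "$2"
fi
```

A result of "open" from a host that is not a configured slave means the whole zone can be read from that host.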